REMARKS 

This is a full and timely response to the outstanding non-final Office Action 
mailed December 13, 2004. Reconsideration and allowance of the application and 
pending claims are respectfully requested. 

I. Claim Rejections - 35 U.S.C. § 112, Second Paragraph 

Claims 5, 6, and 13 have been rejected under 35 U.S.C. § 1 12, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which the Applicant regards as the invention. 

In response to the rejection, Applicant has amended claims 5 and 6, respectively, 
to remove the term "network" from the terms "public network protocol" and "private 
network protocol". 

Furthermore, Applicant has amended claim 13 to recite "wherein said routing 
decision is made by said decision logic without regard to the contents of a payload of 
the authenticated packet". 

In view of those amendments, it is respectfully asserted that claims 5, 6, and 13 
define the invention in the manner required by 35 U.S.C. § 1 12. Accordingly, Applicant 
respectfully requests that the rejections to these claims be withdrawn. 

IL Claim Rejections - 35 U.S.C. § 102(e) 

Claims 1-5, 7-10, 12, 14-21, and 23t25 have been rejected under 35 U.S.C. § 
102(e) as being anticipated by Strahm et al. ("Strahm," U.S. Pub. No. 2002/0104020). 
Applicant respectfully traverses this rejection. 

It is axiomatic that "[anticipation requires the disclosure in a single prior art 
reference of each element of the claim under consideration." W. L. Gore & Associates, 
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Inc. v. Oarlock, Inc., 721 F.2d 1540, 1554, 220 USPQ 303, 313 (Fed. Cir. 1983). 
Therefore, every claimed feature of the claimed invention must be represented in the 
applied reference to constitute a proper rejection under 35 U.S.C. § 102(e). 

In the present case, not every feature of the claimed invention is represented in 
the Strahm reference. Applicant discusses the Strahm reference and Applicant's claims 
in the following. 

A. Claims 1 and 3-6 

Applicant's claim 1 provides as follows (emphasis added): 

1. An apparatus for performing network routing, the 
apparatus comprising: 

authentication logic configured to receive packets sent from a 
source agent to an endpoint of a tunnel and to determine whether a 
security association of a packet received corresponds to said source 
agent, the tunnel being configured by said source agent in accordance 
with a network protocol; 

decision logic configured to make a routing decision for each 
authenticated packet that is constrained based on the security 
association of the authenticated packet; and 

routing logic configured to select a routing destination for each 
authenticated packet and to route the authenticated packet to the 
selected routing destination, the routing destination selection being 
based at least partially on said routing decision. 

In the Office Action, it is argued that Strahm teaches decision logic configured 
to make a routing decision for each authenticated packet that is constrained based on 
the security association of the authenticated packet. This argument is not supported 
by Staham's disclosure. 
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Strahm describes his disclosed method for processing packets in detail in 
paragraphs 0029 to 0036. As is explained in those paragraphs, a packet 210 arrives at 
the classifying forwarding element (CFE) that has the responsibility of "classifying" 
the packet. Strahm , paragraph 0029. Once the packet is received, flow depends upon 
whether the packet is encrypted. The unencrypted situation will be described first. 

If the received packet is not encrypted (i.e., the packet is "in the clear"), the 
CFE access the packet's contents and "classifies" the packet based upon the 
information contained in those contents. Strahm , paragraph 0029. After the 
classifying has been completed, the CFE forwards the classified packet to one of 
several decrypting forwarding elements (DFEs). Strahm , paragraph 0030. 
Significantly, the classification determination made by the CFE does not control to 
which DFE the packet is routed . Instead, routing from the CFE is much more 
arbitrary. As is described by Strahm: 

[0030] Once the CFE 202 classifies the packet 210, the CFE 202 
forwards 338 the classified packet 210 to one of the DFEs 204a-204c. 
The CFE 202 can use any selection technique to choose which DFE 
204a-204c receives the packet 210. For example, the CFE 202 could 
implement a load balancing technique that distributes packets to the 
DFEs 204a-204c based on resource availability of the DFEs 204a- 
204c and/or the servers 214a-214c associated with the DFEs 204a- 
204c. In another example, the CFE 202 could implement a fixed 
scheme that distributed packets to the DFEs 204a-204c based on a 
fixed rotating order or based on a round robin scheme. 

From the above, it is clear that the CFE's classification does not control 
routing. To the contrary, routing from the CFE can be determined according to "any 
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selection technique." As is described in the above excerpt, such techniques include 
load balancing and a round robin scheme. 

In view of the above, it is clear that Strahm's CFE does not comprise "decision 
logic configured to make a routing decision for each authenticated packet that is 
constrained based on the security association of the authenticated packet", as is 
required by claim 1. Applicant's claims 1 and 2-14 are allowable over Strahm for at 
least this reason. 

B. Claims 15-21 and 23 

Applicant's claim 15 provides as follows (emphasis added): 

15. A method for performing network routing, the method 
comprising: 

authenticating received packets sent from a source agent to an 
endpoint of a tunnel by determining whether a security association of a 
received packet corresponds to the source agent that sent the packet, 
the tunnel being configured by said source agent in accordance with a 
network protocol; 

making a routing decision for an authenticated packet, the 
routing decision being constrained based on the security association 
of the authenticated packet, 

selecting a routing destination for a packet based at least 
partially on the routing decision; and 

routing the authenticated packet to the selected routing 
destination. 

As is described above in relation to claim 1, Strahm's CFE does not, as is 
suggested in the Office Action, control routing based on a security association. It 
logically follows that Strahm's CFE does not make "a routing decision for an 
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authenticated packet, the routing decision being constrained based on the security 
association of the authenticated packet". Claims 15-21 and 23 are allowable over 
Strahm for at least this reason. 

C. Claims 24-25 

Applicant's claim 24 provides as follows (emphasis added): 

24. A computer program for performing network routing in 
accordance with a private network security technique, the computer 
program being embodied on a computer readable medium, the 
computer program comprising: 

a first code segment, the first code segment authenticating 
received packets sent from a source agent to a tunnel endpoint to 
determine whether a security association of a received packet 
corresponds to the source agent that sent the packet, the tunnel being 
configured by said source in accordance with a network protocol; 

a second code segment, the second code segment making d 
routing decision for an authenticated packet, the routing decision 
being constrained based on the security association of the 
authenticated, and 

a third code segment, the third code segment selecting a routing 
destination for the authenticated packet based at least partially on the 
routing decision made by the second code segment. 

As is described above in relation to claim 1, Strahm's CFE does not, as is 
suggested in the Office Action, control routing based on a security association. It 
logically follows that Strahm's CFE does not include a code segment that makes "a 
routing decision for an authenticated packet, the routing decision being constrained 
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based on the security association of the authenticated". Claims 24 and 25 are 
allowable over Strahm for at least this reason. 

D. Conclusion 

Due to the shortcomings of the Strahm reference described in the foregoing, 
Applicant respectfully asserts that Strahm does not anticipate Applicant's claims. 
Therefore, Applicant respectfully requests that the rejection of these claims be 
withdrawn. 

HI. Claim Rejections - 35 U.S.C. § 103(a) 

Claims 11 and 22 have been rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Strahm. Applicant respectfully traverses this rejection. 

As is identified above in reference to independent claims 1 and 15, Strahm does 
not teach several of Applicant's explicit claim limitations. Applicant respectfully 
submits that claims 1 1 and 22 are allowable over Strahm for at least the same reasons 
that claims 1 and 1 5 are allowable over Strahm. 

IV. Claims 6 and 13 

Applicant notes that claims 6 and 13 were not rejected in view of any art 
references. Applicant therefore requests that the Examiner explicitly identify claims 6 
and 13 as containing allowable subject matter. If art rejections of claims 6 and 13 were 
omitted in error and claims 6 and 13 will be rejected, Applicant respectfully submits that 
the next Office Action, should such Office Action be issued, should be non-final given 
that Applicant has not be provided an opportunity to address such rejections. 
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V. New Claims 

As identified above, claims 26-30 have been added into the application through 
this Response. Applicant respectfully submits that these new claims describe an 
invention novel and unobvious in view of the prior art of record and, therefore, 
respectfully requests that these claims be held to be allowable. 
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CONCLUSION 



Applicant respectfully submits that Applicant's pending claims are in 
condition for allowance. Favorable reconsideration and allowance of the present 
application and all pending claims are hereby courteously requested. If, in the opinion 
of the Examiner, a telephonic conference would expedite the examination of this matter, 
the Examiner is invited to call the undersigned attorney at (770) 933-9500. 



I hereby certify that this correspondence is being 
deposited with the United States Postal Service as 
first class mail, postage prepaid, in an envelope 
addressed to: Assistant Commissioner for Patents, 
Alexandria, Virginia 22313-1450, on 



Respectfully submitted, 




David Rodack 
Registration No. 47,034 
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